CVE-2013-0335: OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM

May 5, 2022 (updated November 26, 2024)

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

References

bugs.launchpad.net/nova/+bug/1125378
github.com/advisories/GHSA-qfp8-hfqx-c79c
github.com/openstack/nova
github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml
nvd.nist.gov/vuln/detail/CVE-2013-0335
review.openstack.org/
review.openstack.org/
review.openstack.org/

Code Behaviors & Features

Detect and mitigate CVE-2013-0335 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →